Types of Hackers: White Hat vs. Black Hat & Every Shade in Between
By Megan Ruesink on 02/22/2017
Shortly after the terrorist attacks in Paris went public, a group of hackers called “Anonymous” took action. A spokesperson for their group posted a YouTube video and said, “Wait, then, for a massive response from Anonymous…Wait for many cyberattacks…War has been declared. Prepare yourselves.” From here, they went on to take down what they claimed to be thousands of ISIS twitter accounts using combined hacking skills from members all over the globe.
Though it is debated whether this kind of cyber action is truly helpful, the response shows that hacking can take on many forms—some good, some bad and some falling into a rather gray zone.
If you have an interest in coding or programming, you’re probably aware that there are different types of hackers out there. You’ve possibly heard of the terms, “white hat,” “black hat” and “gray hat” hackers, but what do they really mean?
Read on to learn more about the distinguishing features of these hackers and how you could use your hacking skills for the good of others—even in a career.
3 types of hackers in the tech world
The term “hacker” carries a rather negative connotation for most people. But gone are the days where we view hackers as the iconic nerds sitting in a shabby basement with ski masks on.
Hacking skills have become more and more advanced and in-demand as both companies and countries strive to protect their information, software and networks. As a result of the demand, many more people possess formidable hacking skill these days.
But it’s up to them to decide if they’d like to use those skills for the benefit or detriment of the greater good.
1. Who are “black hat hackers?”
Black hat hackers are the criminals of the online world. These are the folks who give hackers a bad name. They are in it for often selfish reasons, exploiting individuals for money, prestige or incriminating information. These individuals have no regard for the law and often hack to commit other, bigger crimes.
“These are the hackers who violate computer security for personal gain,” explains Shawn Pope, CCNA Security Engineer for Nuspire. Examples of this would be stealing credit card information or identity theft.
Some black hat hackers just want the attention. “‘Script Kiddies’ is a derogatory term for black hat hackers who use borrowed programs to attack networks and deface websites in an attempt to make names for themselves,” says Robert Siciliano, identity theft expert with BestIDTheftCompanys.com.
Regardless of specific motivation, black hat hackers can be identified as those who use their abilities to exploit others for personal gain.
2. Who are “white hat hackers?”
“These are the good guys,” Siciliano says. “Computer security experts who specialize in penetration testing and other methodologies to ensure that a company’s information systems are secure.”
White hats, also known as “ethical hackers,” may help companies and governments find holes in their networks and security by first hacking into them. They hack into the systems to discover the liabilities before the bad guys do.
“If they do happen to find a security hole in the network or a flaw in software, they report these issues back to the organization so they can take the proper steps to address the vulnerabilities,” Pope explains.
Basically, if you have white hat hackers on your payroll, they want to get to any weaknesses in your database first, to help you fix the leaks before someone exploits them. There are several positions in which hackers can use their skills to help companies, protect information and even fight against cyber terrorism with their hacking abilities. Some career opportunities are outlined later in this article.
3. Who are “gray hat hackers?”
Gray hat hackers find themselves somewhere in the middle on the spectrum between helping others and self-gain. “Some gray hats, referred to as ‘hacktivists,’ look for ways to expose wrongdoing, exact revenge or harass a target,” according to Siciliano.
Technically, this kind of hacking is done without permission, so even if there is no malicious intent, it’s still considered illegal. Much like vigilante justice, gray hat hackers might produce desirable results, but they do so outside of the law.
“A gray hat hacker is the type that might exploit a vulnerability, but instead of using it for personal gain, they might then contact the organization and allow them to fix the problem,” Pope says. He adds that some gray hats might even post the vulnerability online for either a white hat or black hat to discover.
What are some careers for white hat hackers?
You now have a basic understanding of the differences between these types of hackers. If you’re intrigued at the idea of using your hacking skills for the greater good, you’re probably wondering what career opportunities are out there.
Here are three positions that are perfect for white hat hackers.
1. Cybersecurity engineer
“Using their advanced knowledge of malware, viruses, theft, DDoS attacks and other digital threats, cybersecurity engineers defend organizations against crime online,” Siciliano explains.
These professionals are, in simple terms, really good hackers. They build, maintain and improve IT security solutions for companies. As a cybersecurity engineer, you’ll perform vulnerability testing and security assessments, and creating solutions when problems are detected.
2. Malware analyst
Malware analysts are experts in malware, which is software intended to damage computers and computer systems. Siciliano compares them to oncologists fighting cancer. “There’s research, removal or treatment, and it’s up to you to decide how you apply your training.”
In this highly specialized information security position, you’ll be tasked with identifying and disabling new and dangerous forms of malware. You’ll need to be fluent in multiple programming languages, have a deep understanding of computer systems and be a master problem solver.
3. Chief information security officer (CISO)
If you’re extra ambitious, you may have your sights set on this senior-level information security career. The CISO is responsible for overseeing all cyber security efforts within an organization. “They help prep a company for combating cyberattacks, lead investigations searching for holes in a network, monitor security operations and manage other personnel,” according to Siciliano.
You’ll need to have a good amount of information security experience under your belt before advancing to this position, but once you do, you can use your hacking and security expertise to lead the charge for an entire army in the fight against cybercrime.
Join the fight
Now you have a basic understanding of white hat hackers versus black hat hackers (and those somewhere in between). These different types of hackers make up just a portion of the broader field of information security.
Learn about more career opportunities that leverage your skills and interests in our article, 5 Information Security Jobs that Help Combat Cybercrime.